Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 27.10.2013
Published:28.10.2013
Source:
SecurityVulns ID:13369
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:BUGZILLA : Bugzilla 4.4
 WORDPRESS : Cart66 1.5
 UPLOADIFY : Uploadify 3.2
 WEBCOLLAB : WebCollab 3.30
 MODX : MODx 2.2
 ZIKULA : Zikula CMS 1.3
 DORNCMS : DornCMS 1.4
 ZAPMS : ZAPms 1.42
 SYMANTEC : Workspace Streaming 7.5
 GUPPY : GuppY 4.6
 APACHE : Shindig PHP 2.5
CVE:CVE-2013-5983 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the (1) "an" parameter to agenda.php or (2) cat parameter to mobile/thread.php.)
 CVE-2013-5978
 CVE-2013-5977 (Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.)
 CVE-2013-4295 (The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.)
 CVE-2013-2652 (CRLF injection vulnerability in help/help_language.php in WebCollab 3.30 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the item parameter.)
 CVE-2013-1743 (Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.)
 CVE-2013-1742 (Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter.)
 CVE-2013-1734 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action.)
 CVE-2013-1733 (Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token.)
Original document:APACHE, [CVE-2013-4295] Apache Shindig information disclosure vulnerability (28.10.2013)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in GuppY (28.10.2013)
 rgod, Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution (28.10.2013)
 jsibley1_(at)_gmail.com, Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities (27.10.2013)
 Vulnerability Lab, ZAPms v1.42 CMS - Client Side Cross Site Scripting Web Vulnerability (27.10.2013)
 Vulnerability Lab, DornCMS Application v1.4 - Multiple Web Vulnerabilities (27.10.2013)
 LpSolit_(at)_gmail.com, Security Advisory for Bugzilla 4.4.1, 4.2.7 and 4.0.11 (27.10.2013)
 Vulnerability Lab, Zikula CMS v1.3.5 - Multiple Web Vulnerabilities (27.10.2013)
 iedb.team_(at)_gmail.com, Wordpress videowall Plugin Xss vulnerabilities (27.10.2013)
 advisories_(at)_enkomio.com, [SOJOBO-ADV-13-02] - MODx 2.2.10 Reflected Cross Site Scripting (27.10.2013)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab <= v3.30 (27.10.2013)
 MustLive, AFU and IL vulnerabilities in Uploadify (27.10.2013)
 X-Cisadane, WebTester 5.x Multiple Vulnerabilities (27.10.2013)

Librack multiple security vulnerabilities
Published:28.10.2013
Source:
SecurityVulns ID:13370
Type:library
Threat Level:5/10
Description:DoS, code execution.
Affected:RUBY : rack 1.5
CVE:CVE-2013-0263 (Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.)
 CVE-2013-0184 (Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings.")
 CVE-2013-0183 (multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.)
 CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.)
Original document:DEBIAN, [SECURITY] [DSA 2783-2] librack-ruby regression update (28.10.2013)

Suds symbolic links vulnerability
Published:28.10.2013
Source:
SecurityVulns ID:13371
Type:local
Threat Level:4/10
Description:Symbolic links vulnerability on temporary files creation.
Affected:PYTHON : Suds 0.4
CVE:CVE-2013-2217 (cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.)
Original document:UBUNTU, [USN-2008-1] Suds vulnerability (28.10.2013)

Apport weak permissions
Published:28.10.2013
Source:
SecurityVulns ID:13372
Type:local
Threat Level:4/10
Description:Weak permissions on created dump files.
Affected:APPORT : Apport 2.12
CVE:CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.)
Original document:UBUNTU, [USN-2007-1] Apport vulnerability (28.10.2013)

CA SiteMinder cross-site scripting
Published:28.10.2013
Source:
SecurityVulns ID:13373
Type:remote
Threat Level:5/10
Affected:CA : SiteMinder 12.51
CVE:CVE-2013-5968 (Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.)
Original document:CA, CA20131024-01: Security Notice for CA SiteMinder (28.10.2013)

RSA Authentication Agent authentication bypass
Published:28.10.2013
Source:
SecurityVulns ID:13375
Type:remote
Threat Level:5/10
Description:Protection bypass on agent crash.
Affected:EMC : RSA Authentication Agent 7.1
CVE:CVE-2013-3280 (EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash.)
Original document:EMC, ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability (28.10.2013)

Mozilla nss uninitialized memory dereference
Published:28.10.2013
Source:
SecurityVulns ID:13376
Type:library
Threat Level:5/10
Description:Uninitialized memory dereference on decryption.
Affected:MOZILLA : nss 3.15
CVE:CVE-2013-1739 (Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.)
Original document:MANDRIVA, [ MDVSA-2013:257 ] nss (28.10.2013)

X.Org use-after-free
Published:28.10.2013
Source:
SecurityVulns ID:13377
Type:library
Threat Level:7/10
Description:Use-after-free during ImageText request processing.
Affected:XORG : X.Org X11 1.14
CVE:CVE-2013-4396 (Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.)
 CVE-2013-1056 (X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.)
Original document:DEBIAN, [SECURITY] [DSA 2784-1] xorg-server security update (28.10.2013)

Cisco Identity Services Engine multiple security vulnerabilities
Published:28.10.2013
Source:
SecurityVulns ID:13378
Type:remote
Threat Level:6/10
Description:Authentication bypass, code execution.
Affected:CISCO : Cisco Identity Services Engine 1.2
CVE:CVE-2013-5531 (Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.)
 CVE-2013-5530 (The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.)
 CVE-2013-2251 (Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.)
Files:Multiple Vulnerabilities in Cisco Identity Services Engine
 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products

NetGear ReadyNAS code execution
Published:28.10.2013
Source:
SecurityVulns ID:13379
Type:remote
Threat Level:5/10
Description:Web interface commands injection.
Affected:NETGEAR : ReadyNAS 4.2
CVE:CVE-2013-2752 (Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.)
 CVE-2013-2751 (Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow.")
Original document:vuln-report_(at)_secur3.us, [CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root (28.10.2013)

Watchguard Server Center XSS
Published:28.10.2013
Source:
SecurityVulns ID:13380
Type:remote
Threat Level:5/10
Description:Multiple cross-site scripting vulnerabilities.
Affected:WATCHGUARD : Watchguard Server Center 11.7
CVE:CVE-2013-5702 (Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.)
Original document:Julien Ahrens, [CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities (28.10.2013)

PolarSSL multiple security vulnerabilities
Published:28.10.2013
Source:
SecurityVulns ID:13381
Type:remote
Threat Level:5/10
Description:DoS, buffer overflows, timing attacks.
Affected:POLARSSL : PolarSSL 1.2
CVE:CVE-2013-5915 (The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.)
 CVE-2013-5914 (Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.)
 CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.)
Original document:DEBIAN, [SECURITY] [DSA 2782-1] polarssl security update (28.10.2013)

Linux kernel multiple security vulnerabilities
updated since 09.09.2013
Published:28.10.2013
Source:
SecurityVulns ID:13265
Type:local
Threat Level:6/10
Description:Privilege escalations, information leakages, DoS conditions.
Affected:LINUX : kernel 2.6
 LINUX : kernel 3.2
 LINUX : kernel 3.5
 LINUX : kernel 3.8
CVE:CVE-2013-4300 (The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.)
 CVE-2013-4254 (The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.)
 CVE-2013-4205 (Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call.)
 CVE-2013-4163 (The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.)
 CVE-2013-4162 (The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.)
 CVE-2013-2899 (drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.)
 CVE-2013-2898 (drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device.)
 CVE-2013-2896 (drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.)
 CVE-2013-2892 (drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.)
 CVE-2013-2888 (Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.)
 CVE-2013-2851 (Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.)
 CVE-2013-2234 (The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.)
 CVE-2013-2232 (The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.)
 CVE-2013-2206 (The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.)
 CVE-2013-2164 (The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.)
 CVE-2013-2140 (The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.)
 CVE-2013-1943 (The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.)
 CVE-2013-1819 (The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map.)
 CVE-2013-1060 (A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd directory, which allows local users to gain privileges by leveraging control over the buildd account.)
 CVE-2013-1059 (net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.)
 CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.)
 CVE-2012-5375 (The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.)
 CVE-2012-5374 (The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.)
Original document:UBUNTU, [USN-1998-1] Linux kernel vulnerabilities (28.10.2013)
 Linux Kernel Patches For Linux Kernel Security, Linux Kernel Patches For Linux Kernel Security (01.10.2013)
 UBUNTU, [USN-1974-1] Linux kernel vulnerabilities (01.10.2013)
 UBUNTU, [USN-1968-1] Linux kernel vulnerabilities (01.10.2013)
 UBUNTU, [USN-1976-1] Linux kernel vulnerabilities (01.10.2013)
 UBUNTU, [USN-1939-1] Linux kernel vulnerabilities (09.09.2013)
 UBUNTU, [USN-1944-1] Linux kernel vulnerabilities (09.09.2013)

OpenStack multiple security vulnerabilities
updated since 28.10.2013
Published:23.12.2013
Source:
SecurityVulns ID:13374
Type:library
Threat Level:7/10
Description:DoS, information leakage.
Affected:OPENSTACK : Nova 2013.1
 OPENSTACK : Cinder 2013.1
 OPENSTACK : glanceclient 0.9
 OPENSTACK : Glance 2013.1
 OPENSTACK : Keystone 2013.1
 OPENSTACK : Swift 1.8
 OPENSTACK : Horizon 2013.2
 OPENSTACK : Keystone 2013.2
CVE:CVE-2013-6858 (Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.)
 CVE-2013-6391 (The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.)
 CVE-2013-4477 (The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.)
 CVE-2013-4428 (OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.)
 CVE-2013-4294 (The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.)
 CVE-2013-4278 (The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.)
 CVE-2013-4261 (OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.)
 CVE-2013-4222 (OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.)
 CVE-2013-4202 (The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.)
 CVE-2013-4185 (Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.)
 CVE-2013-4183 (The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.)
 CVE-2013-4179 (The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.)
 CVE-2013-4155 (OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.)
 CVE-2013-4111 (The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
 CVE-2013-2256 (OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.)
Original document:UBUNTU, [USN-2062-1] OpenStack Horizon vulnerability (23.12.2013)
 UBUNTU, [USN-2061-1] OpenStack Keystone vulnerability (23.12.2013)
 UBUNTU, [USN-2034-1] OpenStack Keystone vulnerability (26.11.2013)
 UBUNTU, [USN-2001-1] Swift vulnerability (28.10.2013)
 UBUNTU, [USN-2000-1] Nova vulnerabilities (28.10.2013)
 UBUNTU, [USN-2002-1] Keystone vulnerabilities (28.10.2013)
 UBUNTU, [USN-2003-1] Glance vulnerability (28.10.2013)
 UBUNTU, [USN-2004-1] python-glanceclient vulnerability (28.10.2013)
 UBUNTU, [USN-2005-1] Cinder vulnerabilities (28.10.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod